Event Log Filter Builder

Question

Hey all, below is the "Filter Builder" for the OS Event logs.

My Question is, is it possible to use this dialog in VB.Net? i would like to be able to call it in order to generate the XML which i would then use in conjunction with the EventLogQuery.

thanks in advance!

Answer 1

Yes you can, it is simply a form or a Window (WPF) which you create and then call with ShowDialog.

Be aware the latter is important, don't do it with Show because then you don't get the same results.

The ones at Visual Studio did the same, it is not a control or whatever available as class.

---

Success
Cor

Answer 2

i think there is amisunderstanding here, this window is microsoft window which is displayed when filtering the eventlogs. what i am trying to determine is if i can call/open this specific control from VB.net. this way i could build the filter XML by using an existing microsoft control rather than re-inventing the wheel

Answer 3

I didn't find it documented anywhere in the SDK http://msdn.microsoft.com/en-us/library/aa964766(VS.85).aspx, so assume it's not possible.

---

Armin

Answer 4

i think there is amisunderstanding here, this window is microsoft window which is displayed when filtering the eventlogs. what i am trying to determine is if i can call/open this specific control from VB.net. this way i could build the filter XML by using an existing microsoft control rather than re-inventing the wheel

Interesting that is new, do you have a link to this specific control. Strange that they made it, because it looks 100% like a form or wpf window which is used.

But show us the specific control (not the image of the form but a description of it as a class)

Be aware that a Microsoft Window is a WPF window, the previous one was a Windows Form.

---

Success
Cor

Answer 5

what i mean is that this window is what is used in the Operating System Eventlog when you filter it. On my windows 7 OS when you filter the Eventlog this window is what you see and once you have set the values you can then see the XML that is generated.

All i am asking is if we have access to this form in the .Net environment.

Answer 6

I think you will have to create it yourself and use either WMI or the System.Diagnostics.EventLog to accomplish your objective

for filtering WMI seems a good match

'Class Win32_NTLogEvent
'{
'  uint16   Category;
'  string   CategoryString;
'  string   ComputerName;
'  uint8    Data[];
'  uint16   EventCode;
'  uint32   EventIdentifier;
'  uint8    EventType;
'  string   InsertionStrings[];
'  string   Logfile;
'  string   Message;
'  uint32   RecordNumber;
'  string   SourceName;
'  datetime TimeGenerated;
'  datetime TimeWritten;
'  string   Type;
'  string   User;
'};

'EventType Data type: uint8 Access type: Read-only 
'Value Meaning
'1 Error
'2 Warning
'3 Information
'4 Security Audit Success
'5 Security Audit Failure


Public Class Form1

    Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
        Dim strComputer As String = "."
        Dim ObjWMIEvt As Object = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
        Dim LoggedEvents As Object = ObjWMIEvt.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'System' AND EventType = 1")
        For Each objEvent As Object In LoggedEvents
            TextBox1.AppendText("Category: " & objEvent.Category & vbCrLf _
            & "Computer Name: " & objEvent.ComputerName & vbCrLf _
            & "Event Code: " & objEvent.EventCode & vbCrLf _
            & "Message: " & objEvent.Message & vbCrLf _
            & "Record Number: " & objEvent.RecordNumber & vbCrLf _
            & "Source Name: " & objEvent.SourceName & vbCrLf _
            & "Time Written: " & objEvent.TimeWritten & vbCrLf _
            & "Event Type: " & objEvent.Type & vbCrLf _
            & "User: " & objEvent.User & vbCrLf & vbCrLf)
        Next
    End Sub
End Class